|
|
@@ -307,6 +307,7 @@ CONFIG_ARRAY=(
|
|
|
"ADDITIONAL_SERVER_NAMES"
|
|
|
"ACME_CONTACT"
|
|
|
"WATCHDOG_VERBOSE"
|
|
|
+ "WEBAUTHN_DISABLE_ROOTCA"
|
|
|
)
|
|
|
|
|
|
sed -i --follow-symlinks '$a\' mailcow.conf
|
|
|
@@ -514,6 +515,25 @@ for option in ${CONFIG_ARRAY[@]}; do
|
|
|
echo '# https://mailcow.github.io/mailcow-dockerized-docs/debug-reset-tls/' >> mailcow.conf
|
|
|
echo 'ACME_CONTACT=' >> mailcow.conf
|
|
|
fi
|
|
|
+ elif [[ ${option} == "WEBAUTHN_DISABLE_ROOTCA" ]]; then
|
|
|
+ if ! grep -q ${option} mailcow.conf; then
|
|
|
+ echo "# Disable including device root ca's for WebAuthn" >> mailcow.conf
|
|
|
+ echo '# setting WEBAUTHN_DISABLE_ROOTCA=y will allow you to use Fido2 devices from untrusted Manufacturers' >> mailcow.conf
|
|
|
+ echo '# It will solve "Error: invalid root certificate" at TFA device registration' >> mailcow.conf
|
|
|
+ echo '# Suported devices are' >> mailcow.conf
|
|
|
+ echo '# solo certified' >> mailcow.conf
|
|
|
+ echo '# apple certified' >> mailcow.conf
|
|
|
+ echo '# nitro certified' >> mailcow.conf
|
|
|
+ echo '# yubico certified' >> mailcow.conf
|
|
|
+ echo '# hypersecu certified' >> mailcow.conf
|
|
|
+ echo '# globalSign certified' >> mailcow.conf
|
|
|
+ echo '# googleHardware certified' >> mailcow.conf
|
|
|
+ echo '# microsoftTpmCollection certified' >> mailcow.conf
|
|
|
+ echo '# huawei certified' >> mailcow.conf
|
|
|
+ echo '# trustkey certified' >> mailcow.conf
|
|
|
+ echo '# bsi certified' >> mailcow.conf
|
|
|
+ echo 'WEBAUTHN_DISABLE_ROOTCA=' >> mailcow.conf
|
|
|
+ fi
|
|
|
elif [[ ${option} == "WATCHDOG_VERBOSE" ]]; then
|
|
|
if ! grep -q ${option} mailcow.conf; then
|
|
|
echo '# Enable watchdog verbose logging' >> mailcow.conf
|
FreddleSpl0it